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Abstract. This paper introduces a variation on Kak's three-stage quanutm 
key distribution protocol which allows for defence against the man in the mid- 
dle attack. In addition, we introduce a new protocol, which also offers similar 
resiliance against such an attack. 



1. Introduction 

In the relatively new field of quantum information science, there have been lim- 
ited numbers of true breakthroughs. The quantum computer remains a machine on 
paper only, for a working realization has proved elusive. For one of the most pow- 
erful tools that the quantum computer would provide, namely the reduction of the 
factorization problem to polynomial time by Shor's algorithm, the most successful 
implementation to date has been to factor the number 15 into 3 times 5 [1]. 

The quantum computer might remain unrealized for years to come. Indeed, Kak 
has suggested that the current quantum circuit model for quantum computers is 
fundamentally flawed and new models must be developed to tackle the problem [2] . 

While there have been limited strides in some areas of quantum information 
science, one area in particular has produced realizable solutions in the field of cryp- 
tography. Quantum key distribution protocols have been successfully implemented 
and have produced commercially available products. 

In this paper, we will discuss a new protocol proposed by Kak called the "Three 
Stage Protocol." To Kak's protocol, we will introduce a modification which allows 
for greater security against man in the middle attacks. In addition, we introduce a 
new single stage protocol which similarly allows for security against such attacks. 

2. Quantum Key Distribution 

The usefulness of quantum key distribution lies in the properties of the qubit, 
the quantum unit of information. Since a qubit is an object representing a quantum 
superposition state, the qubit cannot be copied. This is commonly called the no- 
cloning theorem [3] . This property ensures that during qubit data transmission, it 
is impossible for an evesedropper (Eve) to simply make copies of the qubits being 
sent, and thus manipulate these copied qubits to obtain the message. This useful 
property allows quantum data transmission to be used effectively in key distribution 
protocols as shown in [3]. 

When a private key can be transmitted securly along a quantum channel, then 
secure classical communication between the two parties (Alice and Bob) can be 
achieved using the private key (Figure 1). One private key cryptosystem in use 
today is the Vernam cipher, also called the one time pad. According to Nielsen and 
Chuang, the security of the private key used in the Vernam cipher is sometimes 
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ensured by transmitting it via such low-tech solutions as clandestine meetings or 
trusted couriers. The need for better transmission protocols is obvious. 
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Figure 1. Quantum Key Distribution 



3. Kak's Three-Stage Protocol 

In [4], S. Kak proposed a new quantum key distribution protocol based on secret 
unitary transformations (Figure 2). His protocol, like BB84, has three stages, but 
unlike BB84, it remains quantum across all three stages. In the first stage, Alice 
manipulates the message X, which is simply one of two orthogonal stages (e.g. 
a|0) + and (3\0) — a|l)) by means of a unitary transformation Ua, known only 
to her. Bob receives the new state, and in the second stage, applies his own secret 
transformation U b , which is both a unitary transformation, and one that commutes 
with Ua, and sends the result back to Alice. In the third stage, Alice applies the 
Hermitian conjugate of her transformation, U A , and sends the result back to Bob. 
Since U a UbUa(X) = Ub(X), Bob simply applies U B and obtains the previously 
unknown state, X. 



4. The Man in the Middle Attack 

The Suceptability of both BB84 and Kak's three-stage protocol to man in the 
middle attacks has been documented [e.g. 5,6], and various methods to counter 
these attacks have been proposed [e.g. 7,8]. In such an attack, the eavesdropper, 
Eve, can attempt to thwart the communication between Alice and Bob in one of 
the following ways (Figure 3). 
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Figure 2. Kak's Three-Stage Protocol 

(1) Eve receives the message from Alice by impersonating Bob. Eve then de- 
codes Alice's message, and, now impersonating Alice, duplicates this mes- 
sage to Bob. In this scenerio, both Eve and Bob obtain the secret message. 

(2) Eve impersonates Bob and decodes Alice's message as in scenerio 1, but 
instead of relaying the actual message to Bob, Eve relays a different message 
of her own choosing. In this scenerio, only Eve obtains the secret message. 

(3) Eve impersonates Bob, but is not able to decode Alice's message. Instead, 
she impersonates Alice and sends her own message to Bob. In this scenerio, 
communication between Alice and Bob is blocked, but no secret message is 
comprimised. 
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Figure 3. Man in the Middle Attack 



5. A Variation on Kak's Three Stage Protocol 

In Kak's paper [4], he suggests using secret real valued orthogonal transforma- 
tions to encrypt the qubits. Under orthogonal transformations of the same form 
(see below) , the selection of the angles 9 and 4> by Alice and Bob respectively does 
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not affect the outcome of the protocol. Furthermore, both Alice and Bob do not 
need to know what each other's angle selection is. 

The reason that a man in the middle attack can be carried out is that when 
Ua is assumed to be real valued, it is very easy for Eve to find another unitary 
transformation, Ue, which commutes with Ua- This is the underlying assumption 
by both Perkins [5], and Basuchowdhuri [7]. Indeed, for a 2x2 real valued unitary 
transformation (i.e. an orthogonal transformation), there is a limitation on its form. 

Consider a 2x2 transformation: 



U A = 



W X 

y z 



,w,x,y,z € 9? 



Then, for Ua to be orthogonal (unitary), U aU a = I- This gives rise to the following 
equations: 

w 2 + y 2 = 1 
x 2 + z 2 = 1 
wx + yz = 

These equations are satisfied only when Ua has one of the two following forms: 



Ui(0) = 
a rotation, as Kak proposed, or 

U 2 (0) = 



cos{9) —sin(9) 
sin(9) cos(9) 



cos(9) sin{9) 
sin(9) —cos(9) 



a reflection across the line § . 

The three-stage protocol demands that while Bob doesn't know the value of 9 
that Alice is using, he must know which of the two above forms of Ua that Alice 
chooses. The reason for this is that while U\{9) commutes with Ui(<f>) for any 9 
and </>, and U 2 (9) commutes with U2(4>) for any 9 and <fr, U\{9) does not commute 
with C/2(0) in general. So we will consider the choice of the form of Ua to be public 
information. Once this information is known, Bob simply needs to choose his own 
angle <fr, and his transformation Ub will be of the same form as Ua- 



= {u 1 (cb),U A = U 1 (9) 
B \U 2 {4>),U A = U 2 {6) 



It is easy to see that when the same form is used, Ua and Ub commute (i.e. 
U A U B = U B U A ). 



For Form 1: 



U A U E 



cos{9) —sin(9) 
sin{9) cos(9) 



cos((j)) —sin(4>) 
sin((f>) cos(cj)) 



cos (9) cos ((f)) — sin(9)sin((j)) ~cos(9)sin(<j)) — cos(<ft)sin(9) 
cos((t>)sin(9) + cos(9)sin((fj) —sin(9)sin(<p) + cos(9)cos((j)) 
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Applying trigonometric identities, 

~cos(6 + <p) -sin(0 + <p) 
sin{9 + (f>) cos(6 + 4>) 

Since Ua and Ub have the same form, it is clear that they commute. 



UaU e 



For form 2: 



UaU b = 



cos{9) sin{9) 
sin{9) —cos(9) 



cos((f>) sin{4>) 
sin{4>) ~cos(4>) 



cos(6)cos(<f>) + sin(9) sin(<p) 
cos(4>)sin(9) — cos(9)sin(4>) 

Again, applying trigonometric identities, 



cos(9)sin((j)) — cos(<p)sin(9) 
sin(9)sin((f>) + cos (9) cos ((f)) 



UaUb = 



cos(9 + <f>) sin(cf) — 9) 
sin(9 — 4>) cos(9 + </>) 

Since Ua and Ub always commute given the same form, then for Eve to imper- 
sonate Bob and obtain Alice's secret message, she only needs to select any angle 
tp and use it in her own transformation Ue where Ub is of the same form as Ua- 
Using Ue, Eve can obtain the secret state X in the exact same way that Bob can 
obtain it. In addition, Eve can relay a message to Bob using her own Ue transfor- 
mation. Since Bob doesn't know what Alice's Ua transformation is, Eve's Ue is a 
valid substitution. 

Suppose now instead of a orthogonal (i.e. unitary and real value) transformation, 
Alice chooses a more general complex valued unitary transformation, 



e • 

-ie" 



,0e [0,2tt). 



When Alice chooses a Ua of this form, it is more difficult for Bob to find another 
transform, Ub which commutes. We see that when 

1 



Ub(^) = 



V2 



then 



and 



U A U B = 



U B U A = 



e i(0+4>) _|_ jgi(0- 
i e i($+4>) _|_ e i(4>- 

■ e H*+o) + ie H0- 
ie *(<P+o) + e i{8- 
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i(6-<P) 



ie 



:(6-<t>) _ p -i(e+4>) 



<t>) 
4) 



ie 



U-e) 



ie 
- e 



-i(4>+9) 
-i(<t>+9) 



These transformations commute only when <j> = 9 + n (or any 2ir multiple). For 
Bob to decode Alice's message, he must have more information than simply the 
form of her transformation. He must know also the value of 9 that she has chosen. 

While this might seem to be a hindrence to the protocol, it allows for much 
greater security against a man in the middle attack. Eve attempts to intercept 
Alice's message to Bob by choosing a Ue to impersonate Bob's Ub- As we saw 
earlier, when Ua is real valued, Eve can simply pick any angle tp and generate a 
transformation Ue that commutes. But with a complex valued Ua, Eve cannot 
guarantee a commuting transformation without knowing the value of 9. Consider 
Eve's choice of a i/j without knowledge of 9. Then, U a UeUa ^ Ue- 
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6. The Single Stage Quantum Cryptography Protocol 

When, as in the variation to Kak's protocol described above, Bob knows the 
value of 9 that Alice has chosen for her transformation Ua (assuming as above that 
the form of Ua is public information), then he has full knowledge of Ua- In this 
situation, Alice and Bob can forego the second two stages of the protocol and let 
Bob perform the transform lj\ to obtain the unknown state X (Figure 4) . We have 
simply, U\Ua(X) = X. In this situation, there is no need for Ua to be complex 
valued. We can have, as Kak proposed in [4], 



U A 



cos{9) —sin{9) 
sin(9) cos{9) 



So for Eve to intercept the message X and properly decode it, she would have 
to know the value of 9. The strength of this protocol is dependent on keeping 
the value of 9 a secret known only to Alice and Bob. We enhance the security of 
our protocol by allowing for 9 to change, which blocks any attempt by Eve at a 
statistical analysis of the qubits. We assume that before secure transmission may 
begin, there is some other secure protocol that Alice may use to transmit her initial 
value of 9 to Bob. One example is Perkins' protocol which uses trusted certificates 
[6]. 

Suppose we restrict 9 to the upper half plane of the unit circle. After I qubits are 
successfully transmitted from Alice to Bob, the qubits l + l to / + k will be used to 
obtain the new value of 9. The k data bits selected by Alice for these k qubits will 
represent an integer N such that if b n is the nth bit transmitted (b n £ {0, 1}), then 
N = bi + i + 2bi + 2 + 4fe; + 3 + ... + 2 k bi + k- When these four qubits are received by Bob 
and decoded, Alice and Bob adjust their transformations Ua and U A respectively 
such that 



U A 



cos(9n) — sm(^jv) 
sin(9]y) cos(9n) 



After this, Alice transmits I more qubits to Bob before again changing the value 
of 9. In this fashion, any attempt by Eve to obtain the value of 9 with no prior 
knowledge would be extremely difficult. 
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Figure 4. The Single Stage Quantum Cryptography Protocol 
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FIGURE 5. Framing on the Single Stage Protocol 
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